Alumni Profile: Peng Ning

The era of the “BYOD” or “bring your own device” workplace has arrived as more people consider using a single phone or tablet to manage both their professional and personal lives a necessary convenience. Businesses like BYOD because it saves their IT departments money and empowers an increasingly mobile workforce to be productive anywhere, anytime.

A vice-president at Samsung Telecommunications America, Dr. Peng Ning is one of the players developing the technology that allows us to toggle easily between work and play. His mandate is to ramp up the platform security features of Samsung phones so they pass muster with enterprises with enormous security needs — like multinational corporations or the federal government. Samsung already enjoys popularity in the consumer electronics market.

On leave from North Carolina State University, where he is a professor of computer science, Ning leads a group of engineers at a Samsung research facility in Santa Clara, California, focused on system security on Samsung devices running Android.

“This is a great opportunity to have a real world impact,” he says. “Now, I understand what the industry needs, to bring something from research to a Product. Samsung is a good place to do such things since they’re willing to take risks to make their products the best in the world.”

Ning’s team works on a platform security application for business and government clients called Knox, named after Fort Knox, a U.S. Army base in Kentucky whose origins date back to the Civil War. Samsung Knox phones won’t be on sale in the U.S. until the last quarter of 2013. The Knox unit is led by Senior Vice President Dr. Injong Rhee, based at Samsung’s Suwon, South Korea headquarters.

Knox uses several sophisticated technologies to pursue the seemingly contradictory aims of BYOD –create a super-secure environment for company data while assuring employees that heir personal info won’t be monitored. Certain smartphones use a technology called “secure boot,” a front-line defense against attacks right when a device is turned on. Knox gives government and business clients the ability to customize this process to meet their own higher security standards. Knox also runs on a constellation of safeguards – called TrustZone Integrity-Based Measurement Architecture, or TIMA – developed by Ning’s group. Measuring the “cryptographic hash value,” TIMA can tell if an employee has installed a non-Samsung operating system on her phone. If this happens, the employee will no longer be able to access company data.

Third-party applications employees download to their phones, which appear to be “appealing and exciting” or mimick well-known apps but have malicious logic, are the biggest threat to an enterprise’s data, Ning says. Through its Security Enhancements for Android, Knox isolates apps into multiple “domains” so that if one domain is compromised, the others aren’t, containing the threat to the data.

From Ning’s perspective, BYOD is a chance for Samsung to shine and break into the lucrative enterprise market. The company’s Galaxy S4 phone with Knox recently won a coveted spot on a list of approved devices Department of Defense employees can use. “I think the BYOD trend benefits both the end users and companies,” Ning says. “We’re bringing a lot of technology to make BYOD a reality.”

Ning has come a long way from the sub-arctic winters and monsoon summers of Hailar, his childhood city in China’s Inner Mongolia province. He fell into computer science in high school and spent a fair bit of time programming in college at the University of Science and Technology in Heifei. A PhD program brought him across the world to George Mason University’s Department of Computer Science, where he met Professors Sushil Jajodia and X. Sean Wang. “I think I owe my career to my advisors,” he says. “They gave me the training to do research.”